The state of RFID technology in security
RFID has been in use as an identification technology for decades. And still is regarded something new by some in our industry. Today, RFID cards are still the most popular way to identify people in access control scenarios. But the underpinning technology has evolved over the years and it appears that alternatives are increasing in popularity. Mobile access (BLE, NFC), biometric identification technology, QR-codes and other technologies have been around long enough to be considered serious alternatives or additions to RFID systems, each with their own pros and cons. New identification technologies, like UWB and AI-driven behavorial analytics are introduced to the industry as well. So the question rises if RFID will remain to be the dominant technology to identify people in the years ahead of us…
It started with cards
Let’s look back and review the basics of identification technology. Most of us will know that RFID is an acronym for Radio Frequency IDentification. We have explained before in this video that RFID is a technology that is using radio communication at a specific radio frequency to transmit a unique number from a tag (or label or card) to a receiver (reader).
People can be identified in an automated way by something they know (password, PIN-code), something they hold (key, card, tag, phone) or something they are (biometric recognition o fingerprint, iris, face). In a time when automated biometric identification was still in early stages of development, the choice in access control really was between using a PIN-code or using a key or card.
Traditional keys and mechanical locks were, and still are, the most used access control technique in the world today. Easy to install, easy to understand and easy to use. But in the seventies people realized that using keys in environments with many doors and many people always lead to the sames types of challenges: If access to specific parts of the building should be limited to a specific group of people, you needed to work out an authorization scheme and convert that in a complicated key distribution plan. If someone would lose a key, that would pose an immediate security threat and it would mean that locks needed to be replaced. If someone needed access to a specific room or building, it mostly meant distributing another key to someone that probably already had multiple keys. It was difficult to keep track of who was in possession of which keys. If someone would leave the company, it was sometimes a challenge to get all keys returned. And after an incident there was no way of viewing back at security related events.
The introduction of electronic access control and, at first, magnetic stripe cards greatly helped in dealing with the challenges mentioned in the previous paragraph. Digitization and automation have made great impact. The traditional access control process related to mechanical keys, was now split into three major steps:
- Identifying the user
- Allowing or denying access
- Registering the event
This is now common practice in access control. If the user loses a card, that card can be easily removed from the list of identifiers for the user. And it can be replaced with another card easily. Electronic access control also made it easier to implement an additional step after initial identification (step 1), which is to verify the identity using another identifier. Multi-factor authentication of identity is now easily implemented.
The magnetic stripe cards sometimes were easily damaged and swiping them sometimes was a challenge. Wiegand cards helped my making the medium touchless. But the real improvement to the use experience was made when proximity cards were introduced, which nowadays are mostly replaces with smart cards.
Proximity cards and smart cards from a few vendors are used throughout the world. People understand how to use them. Installers know how to deploy them. The antenna and chip used to construct RFID-cards can be used in other types of labels as well. Keyfobs and all kinds of other shapes and formats exist as alternative for all current RFID-cards.
IDTechEx find that in 2019, the total RFID market will be worth $11.6 Billion, rising to $13 Billion in 2022. This includes tags, readers and software/services for RFID labels, cards, fobs and all other form factors, for both passive and active RFID. According to Statista in 2020, the global market for RFID tags is projected to be sized at around 24.5 billion U.S. dollars. Retail applications are expected to account for the largest share of the market. Security only is a smaller portion of the total RFID market, but research seems to indicate that the use of RFID is on the rise in general.
Beyond people: vehicles and other objects
The numbers in market reports often include UHF-tags. The rise in sales volumes of RFID tags, according to IdTechEd, mostly comes from sales passive UHF RFID (RAIN RFID) labels. In security these tags are mostly used for automatic vehicle identification. For vehicle identification often active or semi-active RFID technologies are used with potentially higher performance and security levels.
In the security industry the use of RFID cards (HF and LF) is very common. Most access control projects nowadays use RFID access cards to identify people that require access to the building.
The use of RFID in security for other vehicles is much less common. Only in a minority of access control projects, vehicle identification is used to allow vehicles to access a perimeter. It seems there is still room for growth in market penetration for automatic vehicle identification solutions based on RFID.
The idea that a dedicated identification tag or device is used to identify a carrier (person or vehicle), is proven to be strong concept. People love that the simple device (card) does what is needs to do. And it does so in an easy and robust way. The downside of using RFID cards and tags to identify carriers is the capital and operational investment related to physical distribution and installation of the tags. The need for physical deployment and maybe also sometimes security concerns, have resulted in a continued search by the industry for alternative or complementary identification technologies.
Alternatives for RFID
To identify people, a lot of alternative identification technology exists. The first thing that most people will think of is biometric identification technology. Vendors like TBS from Switzerland offer a great portfolio of biometric readers. The great thing about biometrics is that users do not have to carry around cards. They however still need to enrolled.
One of the most-talked-about biometric technologies is AI powered facial recognition. The technology can be easily deployed and allows for large volume identification, for example in football stadiums. The large volume capacity of this technology often raises privacy concerns. This however mostly applies to surveillance applications and less to access control applications.
Another type of identification technology is related to smartphones. BLE and NFC in the phone are used to transmit a virtual card number to the receiver. Vendors like Idesco are offering a portfolio of products that allow users to easily use their (corporate) smartphone to identify themselves. Mobile access control is growing in popularity. It is still debatable whether virtual mobile cards will replace physical cards.
An interesting development in the world of smartphones is UWB, as promoted by the FiRa Consortium. Radio-based UWB may be a great technology to reliably identify users that will have UWB in their smartphone. The long read range might make the technology suitable for driver-based vehicle identification application.
To identify vehicles, another very popular technology is Automatic Number Plate Recognition (ANPR). It allows to identify vehicles without the need to physically install a tag in every vehicle that is part of the application.
In the future V2X-technology that is used to support autonomous driving might really lead to a paradigm shift in automatic vehicle identification.
Predicting the future
RFID is one of most widely accepted technologies in security. Sales volumes are evidence of the fact that cards and tags, equipped with RFID, remain the most popular identification technology. The technology is trusted, easily available and offers satisfactory performance and user experience.
We do predict however that the element of physical distribution does offer an opportunity for alternative technologies to take a considerable piece of the market. If it is as easy to use a mobile access card as it is to use a normal physical access card, more and more corporate will consider to deploy these virtual cards in favor of conventional cards. UWB might be the technology that will further drive this trend when it enhances the user experience.
To identify vehicles, ANPR is already popular. Sales volumes for ANPR readers seem to be grow at a higher speed than the sales of long range RFID readers. RFID will however remain to be popular in applications that require a high security level. When autonomous vehicles are partially becoming reality, V2X might be popular to identify vehicles.
AI-driven technology will also continue to have a great impact on the security industry, including the identification technology category. Facial recognition may be publicly debated, from a user-perspective it is a non-intrusive and very convenient identification technology. And we can expect new innovative ways of identifying people. A small indication of that trend is the emergence of a new authentication technology like TypingDNA, that is offering frictionless authentication based on the way you type. AI in video surveillance also enables us to detect emotions. Who knows what new technology or combination of existing technologies may deliver us the holy grail of identification technology: something that is secure, cost effective, user-friendly, easily deployed, does not require physical distribution of tags and sufficiently respects our privacy…